I'm setting up a new AlwaysOn VPN server and want to switch from our existing wildcard certificate from DigiCert to one from Let's Encrypt. I'm hoping to automate the renewal process with Win-Acme or a similar tool. Has anyone tried this? What advice, tips, or common pitfalls should I be aware of?
4 Answers
Absolutely, it can work well! Just like others have pointed out, the binding process can be a bit temperamental. Don't forget to restart the RRAS service after you've updated the certificate; you might set up a custom script to automate that with Win-Acme's options to streamline the process.
You should definitely check out simple-acme for this! It's a great alternative, and I think it might simplify your setup. Give it a look!
I've been using this setup myself. The biggest issue I've encountered is forgetting to restart the RRAS service after the certificate renewal. The certificate binds correctly, but clients might fail to connect without that restart, which can be frustrating.
Using Let's Encrypt with AlwaysOn VPN is definitely possible, but you need to keep an eye on things to ensure it runs smoothly. Win-Acme handles certificate renewals pretty well, but the connection bindings in Windows can be tricky. If something doesn't match up right, your VPN could stop working unexpectedly. It's crucial to test the renewal process in a controlled environment and make sure you have a script ready to import, bind, and restart services to avoid any downtime.
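
A sketch of the post-renewal script the answers above describe (bind, restart RRAS, then verify), added here as an example and not taken from any poster. It assumes the VPN uses the SSTP listener, that the ACME client has already placed the renewed certificate in `LocalMachine\My`, and that it passes the new thumbprint as the script's first argument.

```powershell
# Post-renewal hook for an RRAS / Always On VPN server (added example).
# Assumptions: run elevated; the renewed certificate is already in
# Cert:\LocalMachine\My; the ACME client passes its thumbprint as -Thumbprint.
param(
    [Parameter(Mandatory)][string]$Thumbprint
)
$ErrorActionPreference = 'Stop'          # any failure aborts before the restart
Import-Module RemoteAccess

# Normalise the thumbprint (strip spaces or hidden characters from copy/paste).
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$cert  = Get-Item -Path "Cert:\LocalMachine\My\$thumb"

# Refuse to bind something RRAS cannot actually serve.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb has no private key in the machine store."
}
if ($cert.NotAfter -le (Get-Date)) {
    throw "Certificate $thumb expired on $($cert.NotAfter)."
}

# Skip the disruptive restart when the listener already uses this certificate.
$bound = (Get-RemoteAccess).SslCertificate
if ($bound -and $bound.Thumbprint -eq $cert.Thumbprint) {
    Write-Output "RRAS already bound to $thumb; nothing to do."
    return
}

# Bind the new certificate, then restart RRAS so it is actually presented.
# The restart drops connected clients, so schedule renewals accordingly.
Set-RemoteAccess -SslCertificate $cert
Restart-Service -Name RemoteAccess -Force

# Verify instead of assuming: service is up and the binding matches.
$svc   = Get-Service -Name RemoteAccess
$after = (Get-RemoteAccess).SslCertificate
if ($svc.Status -ne 'Running') {
    throw "RemoteAccess service is $($svc.Status) after restart."
}
if (-not $after -or $after.Thumbprint -ne $cert.Thumbprint) {
    throw "RRAS is not presenting $thumb after restart."
}
Write-Output "RRAS now bound to $thumb (expires $($cert.NotAfter))."
```

Because the script throws on any failed check, a renewal run that cannot bind or restart cleanly ends with a non-zero result that the ACME client's log or a scheduled-task monitor can alert on.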

Can you explain why you recommend simple-acme over Win-Acme?